
Cyber Warfare / Cyber Crime


NurembergVillan


46 minutes ago, snowychap said:

Yes there is. The simple mantra of Update ALL your software ALL the time would have had me (and others) on the GWX.exe upgrade merry-go-round for all the time until they stopped offering it.

I don't know what this is and don't have time to look it up - was it a broken update?

Link to comment

9 hours ago, hippo said:

It was always a daft decision not to use the NHS's massive buying power en masse to buy Windows licenses.

It was a pretty good decision for Microsoft. The NHS would have been better spending its budget on lobbyists!

Link to comment

A good time for NHS to invest in some diversification and install some proper end points. My local surgery also uses XP, and as much as it gives me nostalgia it also gives me a mild seizure every time I see them typing in my private information into a computer that a 13 year old kid from Sweden could crack.

Link to comment

18 minutes ago, limpid said:

I don't know what this is and don't have time to look it up - was it a broken update?

It was the Windows 10 update service that acted like an ex-girlfriend who kept ignoring the restraining order.

It was the update(s) responsible for:

1) There's this new thing coming soon, Windows 10, sign up here

2) You don't seem to have signed up. No biggy, but it's coming soon

3) Sign up. Sign up now. Do it.

4) Are you sure you don't want to sign up? Oh, you clicked close. No worries, we'll start downloading it for you.

5) You seem to have accidentally removed the Windows 10 update client, and kept declining Windows 10. Don't worry, I'm back.

6) I mean. I guess if you really don't want Windows 10, you can't stop updating your important Windows updates. Nothing bad will happen, probably...

7) HEY DUDE, GUESS WHAT. I INSTALLED WINDOWS 10 WHILE YOU WERE AWAY. YOU'RE WELCOME :D:D:D

Edited by Davkaus
  • Like 4
Link to comment

24 minutes ago, limpid said:

I don't know what this is and don't have time to look it up - was it a broken update?

It was the nag about upgrading to Windows 10 for free and all that jazz (as per the Windows 10 thread in the other forum) about which @Davkaus pointed out later:

On 11/03/2016 at 15:56, Davkaus said:

They've now pushed down Windows 10 nagware hidden inside an Internet Explorer 'security update'. Not that they're getting desperate for people to move from Win7/8.

It was probably another accident, third or fourth one, I think.

Emphasis is mine.

Edited by snowychap
Link to comment

@snowychap @Davkaus I didn't remember it by name :) 

Although Microsoft were their usual arrogant selves and handled this incredibly poorly, eventually all users will have to upgrade to Windows 10 if they want to continue using Microsoft's piss poor product. So really my advice doesn't change. If you don't like how some companies do business or treat you as a customer, stop giving them your custom.

Link to comment

10 minutes ago, limpid said:

@snowychap @Davkaus I didn't remember it by name :) 

Although Microsoft were their usual arrogant selves and handled this incredibly poorly, eventually all users will have to upgrade to Windows 10 if they want to continue using Microsoft's piss poor product. So really my advice doesn't change. If you don't like how some companies do business or treat you as a customer, stop giving them your custom.

That's fair enough and I don't disagree with it (though I think there are some practical concerns) but my point was more about issues of trust between the end user and the company supplying the (security) update.

Edited by snowychap
Link to comment

9 minutes ago, snowychap said:

That's fair enough and I don't disagree with it (though I think there are some practical concerns) but my point was more about issues of trust between the end user and the company supplying the (security) update.

Yes, but you only have one solution there. If you don't trust the company providing your OS, should you be using that OS?

Link to comment

30 minutes ago, limpid said:

Yes, but you only have one solution there. If you don't trust the company providing your OS, should you be using that OS?

No but if you are already using it then there is a problem. And that only covers when you're the person in charge of making the decision about it.

How do I know that 'non-Windows' OS provider is any better or different?

What we have seen in the messages in the aftermath of the other day's events is this message of 'update, update, update' otherwise you have no one to blame but yourself. Effectively this becomes 'put an unquestioning level of trust in the people who provide you with operating systems, software, services and so on' and I find that worrying (and impossible to do currently).

Edited by snowychap
Link to comment

1 minute ago, snowychap said:

No but if you are already using it then there is a problem. And that only covers when you're the person in charge of making the decision about it.

If you aren't responsible for making the decision on which OS to run then you shouldn't be responsible for the security of the OS.

2 minutes ago, snowychap said:

How do I know that 'non-Windows' OS provider is any better or different?

The same way you made the decision to select Microsoft in the first place.

2 minutes ago, snowychap said:

What we have seen in the messages in the aftermath of the other day's events is this message of 'update, update, update' otherwise you have no one to blame but yourself. Effectively this becomes 'put an unquestioning level of trust in the people who provide you with operating systems, software, services and so on' and I find that worrying (and impossible to do currently).

I trust all the updates from my OS supplier. I would change OS if I didn't. I can install an OS and be working in about 20 minutes if the worst happened (or grab a phone or tablet and just carry on working). My trust has moved outside of the local device to a variety of other places. This wasn't always the case, but I recognise a single local copy of things to be a poor solution and I include both data and apps in that.

If you can't / won't change OS and don't trust your OS supplier then you have to hope that your endpoint protection will save the day. That sucks.

  • Like 1
Link to comment

5 minutes ago, limpid said:

If you aren't responsible for making the decision on which OS to run then you shouldn't be responsible for the security of the OS.

No but you are still at the mercy of someone making use of any gaps in the security.

Quote

The same way you made the decision to select Microsoft in the first place.

Through habit, custom and inheriting an already purchased copy of Windows 7 home premium? :)

Quote

I trust all the updates from my OS supplier. I would change OS if I didn't. I can install an OS and be working in about 20 minutes if the worst happened (or grab a phone or tablet and just carry on working). My trust has moved outside of the local device to a variety of other places. This wasn't always the case, but I recognise a single local copy of things to be a poor solution and I include both data and apps in that.

That's all very well but you're talking from the position of being much more au fait with the nuts and bolts (and whatever may be a more appropriate metaphorical term for software) of operating systems and technological solutions than us bog-standard home users.

Quote

If you can't / won't change OS and don't trust your OS supplier then you have to hope that your endpoint protection will save the day. That sucks.

I don't think I'd trust any OS supplier now to have such control that it is set to automatically update whatever they want. They (in this case Microsoft) could still be lying to me when I read their knowledgebase 'further information' articles about each update, though. :)

Link to comment

I've been involved in many desktop migrations - they are always a painful experience. When you do a large scale migration one of the most overlooked issues is training. If you're in the industry then a slight change isn't really a problem - but to your end user that causes major problems. A Win 7 to open source desktops would be a major undertaking IMO.

Link to comment

10 hours ago, snowychap said:

No but you are still at the mercy of someone making use of any gaps in the security.

Indeed, so I make sure that my stuff and productivity isn't at risk to the best of my ability and avoid lock in.

10 hours ago, snowychap said:

Through habit, custom and inheriting an already purchased copy of Windows 7 home premium? :)

That's all very well but you're talking from the position of being much more au fait with the nuts and bolts (and whatever may be a more appropriate metaphorical term for software) of operating systems and technological solutions than us bog-standard home users.

Habits are hard to break, but sometimes you just have to. Or you continue to take the risk with products you don't trust. If you want some advice, the Tech Room forum is the place to ask.

Link to comment

1 hour ago, limpid said:

Or you continue to take the risk with products you don't trust. If you want some advice, the Tech Room forum is the place to ask.

I accept the risk to a certain extent. As long as I can wipe and reinstall if absolutely necessary then it's fine.

If I have to do that then you may see me in the other forum, otherwise it'll be just before Jan 14 2020. :D

Link to comment

According to this IT security guy the main points seem to be that the NSA discovered the security problem but did not tell Microsoft, and that when Microsoft eventually found out they issued a patch to all users of all iterations whether they had paid for support or not.

The problem was that to implement the patch computers needed to be re-booted and that is very difficult for large organisations to achieve.

One thing is certain, the regular media were not very helpful at all.

Link to comment

14 minutes ago, MakemineVanilla said:

The problem was that to implement the patch computers needed to be re-booted and that is very difficult for large organisations to achieve.

That's a choice made by

  • Microsoft: patch-less kernel patching has been a thing in Linux since 2010 (VillaTalk used it until we moved to the hosted service)
  • The organisations: they've deployed an architecture which doesn't allow nodes to be rebooted
Link to comment

  • 2 weeks later...
2 hours ago, Amsterdam_Neil_D said:

British Airways just got attacked,  all servers and web site down.  Flights all grounded.  Bank holiday weekend as well.

You've jumped the gun a bit, there's no suggestion they've been the victim of an attack at all, just looks like a failure they've not managed to recover from.

I suspect they'd be suffering from less downtime if they hadn't made loads of British techies redundant, then outsourced the jobs to a shitty Indian offshoring company.

My sympathies with anyone whose bank holiday plans have been disrupted, but **** BA. You reap what you sow. :) 

Edited by Davkaus
Link to comment

  • 3 weeks later...
49 minutes ago, PaulC said:

So seemingly the attacks came from North Korea. It wouldn't be some ordinary hackers there; it would have come straight from the top, Kim Jong-un.

I wonder how we will respond?

Like for like, or go old school?

Link to comment
